Threats to machine clouds

1,046 views

Published on

Preliminary research into machine 2 machine clouds presented at B-Sides Cape Town by George Pranchke of SensePost.

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,046
On SlideShare
0
From Embeds
0
Number of Embeds
453
Actions
Shares
0
Downloads
21
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Threats to machine clouds

  1. 1. Security Threats toMachine Cloudsgeorge@sensepost.com
  2. 2. about: usGeorg-Christian Pranschkehttp://www.sensepost.com/blog/7733.html
  3. 3. what we’re going to talk about• the cloud• why this talk ?• machine clouds ?• results: cursory “testing”• what does all this mean ?
  4. 4. The Cloud
  5. 5. clobbering the cloud!
  6. 6. cloud security
  7. 7. Why This Talk ?
  8. 8. security threats to machine clouds• fast growing mobile connectivity• greater number of connected devices• management complexity and high costs• web-based device management for connecteddevices• inherits some of the web app threats plus newones
  9. 9. Machine Clouds ?
  10. 10. machine clouds?
  11. 11. machine clouds?• home automation• vehicle tracking• tele-medicine• location-based services• “M2M and connected products are changing our world”• “safer, simpler and more productive”• “less cost per year than full-time employee”• i.e. ATMs monitoring -> access to finances• i.e. medical equipment -> ensuring very best patient care• i.e. smart signs -> law enforcement• i.e. cars -> driving behaviour to insurance carriers
  12. 12. machine cloud ui: the web application
  13. 13. machine - cloud integration
  14. 14. protocol dissection (i)DHCP response
  15. 15. protocol dissection (ii)restart request response
  16. 16. machine – cloud interaction (i)
  17. 17. machine – cloud interaction (ii)
  18. 18. connecting a machine
  19. 19. Results: Cursory “Testing”
  20. 20. #include <disclaimer.h>
  21. 21. approachBusiness LogicApplicationInfrastructureweb application/web services <<>> “rogue machine”
  22. 22. the environment (i)
  23. 23. the environment (ii)
  24. 24. threat: exposed administrativeinterfaces
  25. 25. threats: cms layer (i)
  26. 26. threats: cms layer (ii)
  27. 27. threats: cms layer(iii)
  28. 28. threats: web app layer
  29. 29. clickjacking/ui redressing
  30. 30. SDKs (i)
  31. 31. SDKs (ii)
  32. 32. SDKs (iii)
  33. 33. SDKs (iv)
  34. 34. a side note…
  35. 35. transport layer encryption (i)
  36. 36. transport layer encryption (ii)
  37. 37. lame ? (i)
  38. 38. lame ? (ii)
  39. 39. lame ? (iii)
  40. 40. threat: malicious applets
  41. 41. a side note …
  42. 42. threat: rogue machines
  43. 43. putting it all together• malicious applets• obtain vendor id or …• unauthorised connection• upload of XSS payload or …• XSS -> session hijacking and …
  44. 44. What Does All This Mean ?
  45. 45. what does all this mean
  46. 46. Security Threats toMachine CloudsThank You!

×